DISA STIGS Viewer

The Secondary Logon service must be disabled on Windows 11.

Overview

Finding ID: V-253289
Version: WN11-00-000175
Rule ID: SV-253289r958478_rule
IA Controls: (none listed)
Severity: Medium
Description
The Secondary Logon service provides a means for entering alternate credentials, typically used to run commands with elevated privileges. Using privileged credentials in a standard user session can expose those credentials to theft.
STIG Date
Microsoft Windows 11 Security Technical Implementation Guide 2024-09-12

Details

Check Text (C-56742r828949_chk)
Run "Services.msc".

Locate the "Secondary Logon" service.

If the "Startup Type" is not "Disabled" or the "Status" is "Running", this is a finding.

Fix Text (F-56692r828950_fix)
Configure the "Secondary Logon" service "Startup Type" to "Disabled".
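
The check and fix above can also be scripted. The following PowerShell is an added example, not part of the STIG text; it assumes the service's short name is `seclogon`, and the `-Remediate` switch and `Test-SecondaryLogon` function are names made up for this example. Remediation requires an elevated session.

```powershell
# Added example: audit (and optionally remediate) WN11-00-000175.
# Assumption: "seclogon" is the short name behind the "Secondary Logon" display name.
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch for this example; needs an elevated session
)

function Test-SecondaryLogon {
    # Win32_Service exposes both values the check text asks about:
    # StartMode ("Startup Type") and State ("Status").
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='seclogon'"
    if (-not $svc) {
        # Assumption of this example: an absent service is reported as not a finding.
        return [pscustomobject]@{
            Present = $false; StartMode = $null; State = $null; Finding = $false
        }
    }
    # Finding if Startup Type is not Disabled OR Status is Running.
    [pscustomobject]@{
        Present   = $true
        StartMode = $svc.StartMode
        State     = $svc.State
        Finding   = ($svc.StartMode -ne 'Disabled') -or ($svc.State -eq 'Running')
    }
}

$result = Test-SecondaryLogon
$result | Format-List

if ($result.Finding -and $Remediate) {
    # Fix text: set the Startup Type to Disabled.
    Set-Service -Name seclogon -StartupType Disabled
    # Extra step added by this example: a service that is already running stays
    # running after its startup type changes, and "Running" is itself a finding.
    Stop-Service -Name seclogon -Force -ErrorAction SilentlyContinue
}

# Re-evaluate so the exit code reflects the state after any remediation:
# 0 = compliant, 1 = finding.
if ((Test-SecondaryLogon).Finding) { exit 1 } else { exit 0 }
```

Run without arguments the script only reports; the exit code lets a compliance scanner or scheduled task consume the result.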